Restrict roaming profiles to specific site, in a multi site domain?

By william ·
We have a number of different SBS 2003 domains which are on servers that will be replaced by Server 2008. As part of the process the new servers will be made part of the head office domain and we will create different sites that correspond to the location. A major issue we have come across is being able to restrict roaming profiles, to prevent the profile trying to load across the WAN.

I am trying to work out how to impliment a script/policy that will only allow a user to load a roaming profile if they are authenticating to the server on which the profile is stored. The result I want to achieve is:

*user at Site A logs onto the site A server on a local workstation - roaming profile loads.
*Site A user logs onto the site B server on a site B workstation - roaming profile does not load.

We need to use roaming profiles at the sites because users have to share desks and computers, which means they log onto the first available computer to do their work.

Anyone have any idea on how the achieve this? .

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

You need desktop authority

by robo_dev In reply to Restrict roaming profiles ...

Product by scriptlogic that eliminates the need to use roaming profiles.

Otherwise, using strictly group policy, I believe that AD can do what you want:

Assuming the remote sites are a different subnet, then you need to create Sites in "Active Directory Sites and Services" for those subnets. That lets you then define Group Policy for these sites. Group Policies linked to sites will only apply to objects located at the sites (what happens at a remote site stays at the remote site :) )

Collapse -

Reponse To Answer

by william In reply to You need desktop authorit ...

Thank you for the reply, we will be using different subnets- so will definately check this out.

Collapse -

Stick with Group Policy

by Seonix In reply to Restrict roaming profiles ...

Group policy will most certainly achieve your goal. This is a very common scenario used in Enterprise environments when a site is over a very slow link.
Simply create an AD site with those site subnets in it and then create and link a Group Policy Object to that site. I don't know the exact GPO setting you need but I'm sure Google will point you in the right direction.

Collapse -

Reponse To Answer

by william In reply to Stick with Group Policy

GP was where were looking, but we were thinking of the site computer container in AD not against the site itself.

Google hasn't been much help on this one, and I did use a wide range of search terms.

Collapse -

Folder redirection will provide you with a solution to that

by . Avi In reply to Restrict roaming profiles ...

Instead of setting a roaming profile you can choose to redirect folders to a different file share based on AD group membership or by placement of different folder redirection GPO on different site OUs,

I think that would provide you with more control over where the profiles are stored and what happens to them.

search in google for "technet folder redirection" or best practices and you'll see what i'm talking about, and if you want to go into more specific, feel free to pm me.

Related Discussions

Related Forums